Skip to content
You are reading EthSigner development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Subcommands

EthSigner signs transaction with a key stored in an encrypted file or an external vault. The EthSigner subcommands are used to specify the keys used to sign transactions:

  • ethsigner [Options] file-based-signer [File Options]
  • ethsigner [Options] hashicorp-signer [Hashicorp Options]
  • ethsigner [Options] azure-signer [Azure Options]
  • ethsigner [Options] multikey-signer [Multikey Options]

The file-based-signer, hashicorp-signer, and azure-signer subcommands are used for single keys only, and the multikey-signer subcommand is used for one or more keys.

Important

Only one signing key subcommand can be used.

Specifying subcommand options

The subcommand to use must be specified on the command line, but the subcommand options can be specified:

For example, you can set the options for the azure-signer subcommand in environment variables or a configuration file, but the subcommand must be specified in the command line

Example

ethsigner --config-file=./config.toml azure-signer

If you specify an option in more than one place, the order of priority is command line, environment variable, configuration file.

Environment variables

For each subcommand option, the equivalent environment variable is:

  • Upper-case
  • _ replaces -
  • Has an ETHSIGNER_ + <SIGNING_OPTION>_ prefix. For example set azure-signer --client-id using the ETHSIGNER_AZURE_SIGNER_CLIENT_ID environment variable.

Note

Only subcommand options can be set in environment variables. The actual subcommand must be specified in the command line.

View help

To view the command line help for the subcommands:

Options

file-based-signer

key-file

File containing key with which transactions are signed.

-k, --key-file=<keyFile>
--key-file=/Users/me/my_node/transactionKey
ETHSIGNER_FILE_BASED_SIGNER_KEY_FILE=/Users/me/my_node/transactionKey
file-based-signer.key-file="/Users/me/my_node/transactionKey"

password-file

File containing password for the key with which transactions are signed.

-p, --password-file=<passwordFile>
--password-file=/Users/me/my_node/password
ETHSIGNER_FILE_BASED_SIGNER_PASSWORD_FILE=/Users/me/my_node/password
file-based-signer.password-file="/Users/me/my_node/password"

hashicorp-signer

auth-file

File containing authentication data for HashiCorp Vault. The authentication data is the root token displayed by the HashiCorp Vault server.

--auth-file=<authFile>
--auth-file=/Users/me/my_node/auth_file
ETHSIGNER_HASHICORP_SIGNER_AUTH_FILE=/Users/me/my_node/auth_file
hashicorp-signer.auth-file="/Users/me/my_node/auth_file"

host

Host of the HashiCorp Vault server. Default is localhost.

--host=<serverHost>
--host="http://host.com"
ETHSIGNER_HASHICORP_SIGNER_HOST=http://host.com
hashicorp-signer.host="http://host.com"

port

Port of the HashiCorp Vault server. Default is 8200.

--port=<serverPort>
--port=23000
ETHSIGNER_HASHICORP_SIGNER_PORT=23000
hashicorp-signer.port=23000

signing-key-path

Path to secret in the HashiCorp Vault containing the private key for signing transactions. Default is /secret/data/ethsignerSigningKey.

--signing-key-path=<signingKeyPath>
--signing-key-path=/my_secret/ethsignerSigningKey
ETHSIGNER_HASHICORP_SIGNER_SIGNING_KEY_PATH=/my_secret/ethsignerSigningKey
hashicorp-signer.signing-key-path="/my_secret/ethsignerSigningKey"

timeout

Timeout in milliseconds for requests to the HashiCorp Vault server. Default is 10000.

--timeout=<timeout>
--timeout=5000
ETHSIGNER_HASHICORP_SIGNER_TIMEOUT=5000
hashicorp-signer.timeout=5000

tls-enabled

Connect to HashiCorp Vault server using TLS. Default is true.

--tls-enabled[=<true|false>]
--tls-enabled=false
ETHSIGNER_HASHICORP_SIGNER_TLS_ENABLED=false
hashicorp-signer.tls-enabled=false

tls-known-server-file

File containing the hostname, port, and SHA256 certificate fingerprint of the HashiCorp Vault server.

--tls-known-server-file=<hashicorpServerFile>
--tls-known-server-file=/Users/me/my_node/knownHashicorpServers
ETHSIGNER_HASHICORP_SIGNER_TLS_KNOWN_SERVER_FILE=/Users/me/my_node/knownHashicorpServers
hashicorp-signer.tls-known-server-file="/Users/me/my_node/knownHashicorpServers"

azure-signer

client-id

ID used to authenticate with Azure Key Vault.

--client-id=<clientID>
--client-id="MyClientID"
ETHSIGNER_AZURE_SIGNER_CLIENT_ID=MyClientID
azure-signer.client-id="MyClientID"

client-secret-path

Path to file containing secret used to access the vault.

--client-secret-path=<clientSecretPath>
--client-secret-path=/Path/MySecret
ETHSIGNER_AZURE_SIGNER_CLIENT_SECRET_PATH="/Path/MySecret"
azure-signer.client-secret-path=/Path/MySecret

key-name

Name of key to be used.

--key-name=<keyName>
--key-name="MyKey"
ETHSIGNER_AZURE_SIGNER_KEY_NAME=MyKey
azure-signer.key-name="MyKey"

key-version

Version of the specified key to use.

--key-version=<keyVersion>
--key-version="7c01fe58d68148bba5824ce418241092"
ETHSIGNER_AZURE_SIGNER_KEY_VERSION=7c01fe58d68148bba5824ce418241092
azure-signer.key-name=key-version="7c01fe58d68148bba5824ce418241092"

keyvault-name

Name of the vault to access. Sub-domain of vault.azure.net.

--keyvault-name=<keyVaultName>
--keyvault-name="MyKeyVault"
ETHSIGNER_AZURE_SIGNER_KEYVAULT_NAME=MyKeyVault
azure-signer.keyvault-name="MyKeyVault"

tenant-id

The tenant ID of the Azure Portal instance being used.

--tenant-id=<STRING>
--tenant-id=34255fb0-379b-4a1a-bd47-d211ab86df81
ETHSIGNER_AZURE_SIGNER_TENANT_ID=34255fb0-379b-4a1a-bd47-d211ab86df81
azure-signer.tenant-id="34255fb0-379b-4a1a-bd47-d211ab86df81"

multikey-signer

directory

Path to the directory containing the TOML files required to access keys.

--directory=<directoryPath>
--directory=/Users/me/keys
ETHSIGNER_MULTIKEY_SIGNER_DIRECTORY=/Users/me/keys
multikey-signer.directory="/Users/me/keys"
ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on EthSigner Discord channel.
For paid professional support by Consensys, contact us at quorum@consensys.net